Apple's App Store Has Had Its First Major Hack

Update: On Tuesday, Apple confirmed that it will be reaching out to customers who downloaded the affected apps. Apple recommends that users who downloaded a compromised app reset their iCloud and account passwords as a precautionary measure.

After years of a blissfully secure app ecosystem, Apple has fallen victim to its first major malware attack. This past Sunday, the company revealed it had scrubbed its App Store of several hundred primarily Chinese applications unintentionally embedded with malicious software.

A number of well-meaning developers downloaded a fake version of Xcode, the integrated development environment (IDE) that coders use to build iOS apps. Developers were likely lured into using the counterfeit version, XcodeGhost, because it handled downloads more quickly over a local Chinese server, rather than a slower, faraway U.S. server (they thought it was a mirror download). Some of the apps affected by the malware include a handful of China's most popular titles — an older version of WeChat, and Didi Kuadi, the country's version of Uber, to name two.

Before the development of XcodeGhost, only five apps in the official App Store had been found to contain any kind of malware, according to data obtained by Reuters. Apple has a detailed and rigorous review process for new apps, so it seems likely that the malware — which thus far hasn't actually been reported to have done anything malicious, such as steal user data — must have been very subtle and embedded deep within the affected apps' source code. This is the first major oversight on the part of Apple's app review process.

Apple hasn't yet revealed exactly how many apps were affected by the breach, or how users can tell if their iPhone or iPad might be infected. The best safeguard we can suggest for now: Update all your apps — especially if you haven't done so in a while.
Advertisement

More from Tech

You may start to notice your Uber drivers snapping a lot of selfies, but it doesn't necessarily mean that you're riding with an Instagram addict. Your ...
Snapchat CEO Evan Spiegel announced that the company has developed new video-enabled sunglasses, called Spectacles, and will subsequently be rebranding ...
You're at 20,000 feet, and you realize your flight doesn’t have WiFi — which wouldn't be a big deal, except you forgot your book at home, and none of your ...
GENERATION STARTUP presents Women In Tech, an episode of an exclusive web series with footage left on the cutting room floor. The feature documentary ...
It's a sad but true fact that a bad commute — one where you just miss the bus or subway — has the power to ruin your day. More often than not, these near...
When you think of playing a video game, what comes to mind? Is it a raucous game of Wii Bowling when you were in college? Hours spent on your Game Boy ...
If you're a Yahoo user (or ever have been), you'll want to change your password ASAP — and not just on that Yahoo account. Today, the company confirmed ...
(Paid Content) Refinery29 is now on Versy, a messaging and content-sharing app made for busy people like us
There are two types of people in this world: the zero-inbox purists, and the ones with hundreds (or even thousands) of unread messages in their inbox. ...
It may seem like your car hasn't let you down. But apparently, all these years, you've been driving a vehicle suited for the wrong gender. At least that's ...
The iPhone 7 may not be a mystery anymore, but the hype surrounding it is far from gone. Now that we know what it looks like (hello, new camera) and what's...
Without a doubt, dating in 2016 is an art form. If you’re single and looking for love, you know where the scene is. It’s online. (Unless you’ve made it ...
Instagram's latest update includes a tool that's ideal for every perfectionist — or anyone who spends time editing a photo in the app, only to get ...
I was doing my usual routine of scrolling through Instagram while eating my lunch when I saw a truly disturbing image: The now-10-year-old boy I used to ...